Reputation: 5233
According to the documentation for AWS::Serverless::Function in the Serverless Application Model, it is possible to specify a list of IAM Policy Document Objects (PDO) for the Policies property of a Resource.
However, the AWS Toolkit for Visual Studio is flagging a syntax error when I try to define an IAM PDO:
Here is a full example of my Resources section:
    "Resources": {
        "Example": {
            "Type": "AWS::Serverless::Function",
            "Properties": {
                "Handler": "Example::Example.Controllers.ExampleController::ExampleAction",
                "Runtime": "dotnetcore2.0",
                "CodeUri": "",
                "MemorySize": 256,
                "Timeout": 30,
                "Policies": [{
                    "Version": "2012-10-17",
                    "Statement": {
                        "Effect": "Allow",
                        "Action": "*",
                        "Resource": "*"
                    }
                }],
                "Events": {
                    "PutResource": {
                        "Type": "Api",
                        "Properties": {
                            "Path": "/{id}",
                            "Method": "GET"
                        }
                    }
                }
            }
        }
    }
Is there something I'm getting wrong, or is there an issue with either SAM or the AWS Toolkit syntax validation?
Upvotes: 6
Views: 295
Reputation: 3177
I just updated the VS CloudFormation schema. The problem should go away the next time you restart Visual Studio.
Upvotes: 1
Reputation: 5233
It seems the problem is caused by syntax parsing issues in Visual Studio and the AWS Toolkit. I raised an issue on GitHub and you can track it here: https://github.com/aws/aws-sdk-net/issues/1001
Upvotes: 0
Reputation: 498
I think the issue in your syntax is that it should be a statement array, because there can be multiple policies, as below:
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "*",
            "Resource": "*"
        }
    ]
An example of having multiple policies will be as below:
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:Query"
            ],
            "Resource": "arn:aws:dynamodb:${region}:*:table/${project}-songs-${dev}/*/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:GetItem"
            ],
            "Resource": "arn:aws:dynamodb:${region}:*:table/${project}-users-${dev}"
        }
    ]
Upvotes: 1
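An added example, not part of any post above and not code from SAM or the AWS Toolkit: a Python check that walks a template's AWS::Serverless::Function resources, treats Statement, Action and Resource as either a single value or an array (IAM accepts both forms), and reports inline Allow statements that use a bare "*", as the policy in the question does. The template is a constructed sample; the "Scoped" function, its ARN, and the names as_list and wildcard_findings are assumptions.

```python
import json

# Constructed sample: the question's function trimmed to its Policies, plus a
# second, hypothetical function ("Scoped") that uses an array of statements.
TEMPLATE = json.loads("""
{"Resources": {
  "Example": {"Type": "AWS::Serverless::Function", "Properties": {
    "Policies": [{"Version": "2012-10-17",
      "Statement": {"Effect": "Allow", "Action": "*", "Resource": "*"}}]}},
  "Scoped": {"Type": "AWS::Serverless::Function", "Properties": {
    "Policies": ["AWSLambdaBasicExecutionRole", {"Version": "2012-10-17",
      "Statement": [{"Effect": "Allow", "Action": ["dynamodb:GetItem"],
        "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/users"}]}]}}
}}
""")


def as_list(value):
    """Normalize a single value or an array (or a missing key) to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def wildcard_findings(template):
    """Return (logical_id, policy_index, key) for each Allow statement with a bare "*"."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::Serverless::Function":
            continue
        for i, policy in enumerate(as_list(res.get("Properties", {}).get("Policies"))):
            if not isinstance(policy, dict) or "Statement" not in policy:
                continue  # managed policy name/ARN or SAM policy template
            for stmt in as_list(policy["Statement"]):
                if stmt.get("Effect") != "Allow":
                    continue
                for key in ("Action", "Resource"):
                    if "*" in as_list(stmt.get(key)):
                        findings.append((name, i, key))
    return findings


if __name__ == "__main__":
    for finding in wildcard_findings(TEMPLATE):
        print(finding)
```

The check only looks for a bare "*"; service-level wildcards such as "dynamodb:*" and the NotAction/NotResource elements are out of its scope.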